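$val) {
    if (preg_match($rx_http, $key)) {
        $arh_key = preg_replace($rx_http, '', $key);
        $rx_matches = array();
        // do some nasty string manipulations to restore the original letter case
        // this should work in most cases
        $rx_matches = explode('_', $arh_key);
        if (count($rx_matches) > 0 and strlen($arh_key) > 2) {
            foreach ($rx_matches as $ak_key => $ak_val)
                $rx_matches[$ak_key] = ucfirst($ak_val);
            $arh_key = implode('-', $rx_matches);
        }
        $arh[$arh_key] = $val;
    }
}
return ($arh);
}
}

// Basic installation settings (paths, SQL database credentials)
include('settings.php');

// Per-copy overrides taken from the Apache environment (SetEnv); each value
// replaces the settings.php one only when the variable is non-empty.
// The first guard used to test apache_site_path while reading apache_site_url,
// which left $site_url set to false on copies that only defined the path.
if (getenv('apache_site_url') != '') $site_url = getenv('apache_site_url');
if (getenv('apache_site_path') != '') $site_path = getenv('apache_site_path');
if (getenv('apache_site_domain') != '') $site_domain = getenv('apache_site_domain');
if (getenv('apache_originating_domain') != '') $originating_domain = getenv('apache_originating_domain');
if (getenv('apache_keep_domain') != '') $keep_domain = getenv('apache_keep_domain');

// Same for the MSN and Facebook application credentials
if (getenv('apache_facebook_appid') != '') $facebook_appid = getenv('apache_facebook_appid');
if (getenv('apache_facebook_appsecret') != '') $facebook_appsecret = getenv('apache_facebook_appsecret');

// A per-installation salt is mandatory; refuse to run with the empty default
if ($pass_salt == "") die ("Please set unique pass_salt in settings.php!");

// Language override: only a numeric language id is accepted into the session
// (assumes session_start() has already run before this file is included - not visible here)
if (isset ($_GET['overridelang']) && is_numeric($_GET['overridelang'])) {
    $_SESSION['overridelang'] = $_GET['overridelang'];
}

// Remember the (possibly overridden) site URL in the session
$_SESSION['site_url'] = $site_url;

// Connect to the database; $connect_db is the global connection used below
if (!$connect_db = mysqli_connect($mysql_server, $mysql_username, $mysql_password, $mysql_database_name)) {
    die ('Please try again later [ERR: DB])');
}

// Leftover from sisplet, probably should no longer be here?
//sisplet_query("SET character_set_results=latin1");

// FIRST CHECK FOR SQL INJECT!!!!
// WEB user MUST NOT have privileges to DROP or ALTER
// mysql escaping used on all GPC variables

/**
 * array_walk_recursive() callback: escapes one GPC leaf value in place with
 * mysqli_real_escape_string() on the global connection.
 *
 * Must run after the mysqli_connect() above, because the escaping depends on
 * the live connection (and on its character set - NOTE(review): no
 * mysqli_set_charset() is visible here; confirm the connection charset is set
 * before this walk, otherwise multibyte input may be escaped incorrectly).
 * Escaping at input time only covers quoted string contexts in SQL; it does
 * not protect numeric or identifier positions, and it alters values that are
 * later used outside SQL, which is why mysql_real_unescape_string() exists.
 * (The pre-PHP-5.4 get_magic_quotes_gpc() handling was removed.)
 *
 * @param mixed $value leaf value, modified by reference
 */
function stripslashes_gpc(&$value)
{
    $value = mysqli_real_escape_string($GLOBALS['connect_db'], $value);
}

array_walk_recursive($_GET, 'stripslashes_gpc');
array_walk_recursive($_POST, 'stripslashes_gpc');
array_walk_recursive($_COOKIE, 'stripslashes_gpc');

// Since everything is now escaped with the mysql function, wherever the raw value
// is needed it is unescaped again with mysql_real_unescape_string() (defined in function.php)

/**
 * Runs a query on the site database and optionally shapes the result.
 *
 * @param string $q SQL text. It is sent as-is - there is no parameter binding
 *        here, so every interpolated value must already be escaped (see the
 *        GPC walk above for request input).
 * @param mixed $special_connect_db either an alternate mysqli connection
 *        (a mysqli object, or a legacy resource) or a result-shaping mode:
 *        'array' | 'obj' | 'valarray' | 'onevalarray' (SELECT only),
 *        'id' (INSERT only: returns the new auto-increment id),
 *        'multi_query' (runs mysqli_multi_query()).
 * @param bool $single with 'array'/'valarray'/'onevalarray': return the single
 *        row itself instead of a one-element list when exactly one row came
 *        back ('obj' unwraps unconditionally in that case).
 * @return mixed mysqli_result|bool by default; array|object|int in the shaping
 *         modes; false when the driver threw.
 */
function sisplet_query($q, $special_connect_db = null, $single = false)
{
    global $site_domain;

    // mysqli connections are objects (mysqli), not resources; the former
    // is_resource()-only test never matched them, so an explicitly passed
    // connection was silently ignored and the global one used instead.
    if ($special_connect_db instanceof mysqli || is_resource($special_connect_db)) {
        $connect_db = $special_connect_db;
    } else {
        global $connect_db;
    }
    if (!$connect_db) {
        die ('Invalid DB resource! [ERR: DB])');
    }

    // 'multi_query' selects mysqli_multi_query(); anything else is a single statement
    $res = false;
    try {
        if ($special_connect_db != 'multi_query') {
            $res = mysqli_query($connect_db, $q);
        } else {
            $res = mysqli_multi_query($connect_db, $q);
        }
    } catch (Exception $e) {
        // mysqli in strict reporting mode throws; keep the legacy "false on failure" contract
        return false;
    }
    // Only meaningful after mysqli_multi_query(); returns false otherwise.
    // NOTE(review): confirm this does not throw under MYSQLI_REPORT_STRICT.
    mysqli_store_result($connect_db);

    // On failure the SQL error is logged for the development/test domains only;
    // other installations stay silent.
    if (!$res && in_array($site_domain, ['localhost', '1ka.test', 'test.1ka.si'])) {
        error_log(mysqli_error($connect_db));
    }

    // Result shaping: if the mode does not apply to this statement type, fall
    // through and return the raw result.
    if (!empty($res) && !is_null($special_connect_db) && $special_connect_db != 'multi_query') {
        // note: the statement-type checks are case-sensitive and require the
        // keyword at offset 0 (no leading whitespace)
        if (preg_match('/(^SELECT)/', $q) && in_array($special_connect_db, ['array', 'obj', 'valarray', 'onevalarray'])) {
            $rezultat = [];
            while ($row = mysqli_fetch_assoc($res)) {
                if ($special_connect_db == 'obj') {
                    $rezultat[] = (object) $row;
                } elseif ($special_connect_db == 'valarray') {
                    $rezultat[] = array_values($row);
                } elseif ($special_connect_db == 'onevalarray') {
                    $rezultat[] = reset($row);
                } else {
                    $rezultat[] = $row;
                }
            }
            // Exactly one row: unwrap it
            if (mysqli_num_rows($res) == 1 && ($single || $special_connect_db == 'obj')) {
                return $rezultat[0];
            }
            return $rezultat;
        } elseif (preg_match('/(^INSERT)/', $q) && $special_connect_db == 'id') {
            // Read the id from the connection the INSERT actually ran on,
            // which is no longer always the global one.
            return mysqli_insert_id($connect_db);
        }
    }
    return $res;
}

// NOTE(review): strpos() returns an int offset or false, never true, so every
// `=== true` test below is always false and hack() is never reached; the
// intended comparison is `!== false`. (The statement run continues past the
// end of this excerpt and is left as found.)
if (isset($_POST)) {
    $postArray = &$_POST;
    foreach ($postArray as $sForm => $value) {
        if (is_string($value) && strpos(strtolower($value), "insert into") === true) hack();
        if (is_string($value) && strpos(strtolower($value), "delete from") === true) hack();
        if (is_string($value) && strpos(strtolower($value), "alter table") === true) hack();
        if (is_string($value) && strpos(strtolower($value), "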
= $lang['back'] ?>